-
Publication number: US20180068121A1
Publication date: 2018-03-08
Application number: US15255452
Application date: 2016-09-02
Inventor: Robert S. Gray, Vu T. Le, Robert B. Ross, Gregory S. Sadosuk, Michael J. Weber
CPC classification number: G06F21/563, G06F8/53, G06F8/74, G06F11/3636, G06F2221/033
Abstract: A Taint Modeling Function (TMF) finds abstract patterns and uses them to automate the malware detection process. TMF involves the process of statically analyzing a sequence of assembly language instructions and abstracting complex relationships among instruction inputs and outputs into a mathematical function containing a set of algebraic expressions. The set of expressions support fully automating semantic pattern detection in binary code. It deterministically generates outputs given inputs determining code block outputs, for given inputs, without executing the code. It detects code patterns automatically to spot bad coding patterns directly from the binary used to detect bugs statically in the entire application space.
-
Publication number: US20180367553A1
Publication date: 2018-12-20
Application number: US15624444
Application date: 2017-06-15
Inventor: Patrick M. Hayden, Jeong-O. Jeong, Vu T. Le, Christopher C. Rappa, Sumit Ray, Katherine D. Sobolewski, David K. Woolrich, JR.
Abstract: Techniques are provided for cyber warning. One technique includes a cyber warning receiver (CWR). The CWR includes a bus sensing circuit to sense traffic on a communications bus over time, an anomaly detecting circuit to detect anomalous behavior in the sensed bus traffic, a data fusing circuit to fuse the detected anomalous behavior into groups having similar characteristics, a decision making circuit to decide if the fused anomalous behavior is normal or abnormal, and a behavior logging circuit to log the detected anomalous behavior on an electronic storage device. In one embodiment, the CWR further includes a behavior alerting circuit to alert an operator to the fused anomalous behavior identified as abnormal. In one embodiment, the communications bus is an embedded communications bus, such as a MIL-STD-1553 bus, and the CWR is a standalone device configured to connect to the MIL-STD-1553 bus as a bus monitor.
-
Publication number: US11973769B1
Publication date: 2024-04-30
Application number: US17111662
Application date: 2020-12-04
Inventor: Vu T. Le, Elena E. Novikova, Matvey Yutin, Michael J. Weber
IPC: H04L9/40
CPC classification number: H04L63/1416, H04L63/1408, H04L63/1425, H04L63/1466
Abstract: An anomaly detection system is disclosed. In an embodiment, the anomaly detection system includes an anomaly detection module and a warning indicator module. The anomaly detection module includes one or more auto-encoders that receive sensor data from a plurality of sensors. Each of the one or more auto-encoders receives sensor data from at least three different sensors of the plurality of sensors. By receiving data output from at least three of the sensors, the auto-encoder can recognize expected inter-related patterns from the sensor output. The warning indicator module compares an output of a given auto-encoder of the plurality of auto-encoders to an input of the given auto-encoder to obtain an error value, and then compares that error value against an error threshold. In response to the error value exceeding the error threshold, the warning indicator module issues a warning signal associated with the sensor data received by the given auto-encoder.
-
Publication number: US10728265B2
Publication date: 2020-07-28
Application number: US15624444
Application date: 2017-06-15
Inventor: Patrick M. Hayden, Jeong-O. Jeong, Vu T. Le, Christopher C. Rappa, Sumit Ray, Katherine D. Sobolewski, David K. Woolrich, Jr.
Abstract: Techniques are provided for cyber warning. One technique includes a cyber warning receiver (CWR). The CWR includes a bus sensing circuit to sense traffic on a communications bus over time, an anomaly detecting circuit to detect anomalous behavior in the sensed bus traffic, a data fusing circuit to fuse the detected anomalous behavior into groups having similar characteristics, a decision making circuit to decide if the fused anomalous behavior is normal or abnormal, and a behavior logging circuit to log the detected anomalous behavior on an electronic storage device. In one embodiment, the CWR further includes a behavior alerting circuit to alert an operator to the fused anomalous behavior identified as abnormal. In one embodiment, the communications bus is an embedded communications bus, such as a MIL-STD-1553 bus, and the CWR is a standalone device configured to connect to the MIL-STD-1553 bus as a bus monitor.